Administration Guide

L3 Firewall Profiles

L3 Firewall Profiles define WiFi access permissions for SSIDs. When you create SSID profiles, you can select an access control list.

To view access control lists:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to AP Manager > WiFi Templates > Protection Profiles > L3 Firewall Profiles.

    The following options are available in the toolbar and right-click menu:

    • Create New: Create a new access control list.
    • Edit: Edit the selected access control list.
    • Delete: Delete the selected access control list.
    • Clone: Clone the selected access control list.
    • Where Used: View where the selected access control list is used.
    • Import: Import access control lists from a connected FortiGate (toolbar only).

To create access control lists:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to AP Manager > WiFi Templates > Protection Profiles > L3 Firewall Profiles.
  3. In the toolbar, click Create New.

    The Create New L3 Firewall Profile pane opens.

  4. Enter the following information:

    Name: Type a name for the access control list.

    Comment: Optionally, enter comments.

    IPv4 Rule List: Click Create New to define L3 firewall rules for IPv4 addresses. Select the following, then click OK:

    • ID: Enter an ID for the rule.
    • Comments: Optionally, enter a description.
    • Source Address: Enter the source IP address.
    • Source Port: Enter the source port.
    • Destination Address: Enter the destination IP address.
    • Destination Port: Enter the destination port.
    • IANA protocol number: Enter the protocol.
    • Action: Select the policy action. Select Allow or Deny to allow or deny traffic matching the policy.

    IPv6 Rule List: Click Create New to define L3 firewall rules for IPv6 addresses. Select the following, then click OK:

    • ID: Enter an ID for the rule.
    • Comments: Optionally, enter a description.
    • Source Address: Enter the source IP address.
    • Source Port: Enter the source port.
    • Destination Address: Enter the destination IP address.
    • Destination Port: Enter the destination port.
    • IANA protocol number: Enter the protocol.
    • Action: Select the policy action. Select Allow or Deny to allow or deny traffic matching the policy.

  5. Click OK to create the new access control list.
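
A check that can be run over a planned rule list before it is entered, using the rule fields listed in step 4. This is an added example, not Fortinet code; the dictionary keys, the IP-or-CIDR address format, and treating only TCP, UDP and SCTP as port-carrying protocols are assumptions.

```python
import ipaddress

# IANA protocol numbers assumed to carry ports: TCP (6), UDP (17), SCTP (132)
PORT_PROTOCOLS = {6, 17, 132}

def lint_rules(rules, family):
    """Return (rule_id, problem) pairs for one rule list; family is 4 or 6."""
    problems, seen = [], set()
    for r in rules:
        rid = r.get("id")
        if rid in seen:
            problems.append((rid, "duplicate ID"))
        seen.add(rid)
        for field in ("src_addr", "dst_addr"):
            try:
                net = ipaddress.ip_network(r[field], strict=False)
            except (KeyError, ValueError):
                problems.append((rid, f"{field} is not a valid address"))
                continue
            if net.version != family:
                problems.append(
                    (rid, f"{field} is IPv{net.version} in an IPv{family} rule list"))
        proto = r.get("protocol")
        if not isinstance(proto, int) or not 0 <= proto <= 255:
            problems.append((rid, "protocol is not an IANA number 0-255"))
        for field in ("src_port", "dst_port"):
            port = r.get(field)
            if port is None:          # port left unset in the planned rule
                continue
            if not isinstance(port, int) or not 0 <= port <= 65535:
                problems.append((rid, f"{field} is out of range"))
            elif proto not in PORT_PROTOCOLS:
                problems.append((rid, f"{field} set but protocol {proto} has no ports"))
        if r.get("action") not in ("Allow", "Deny"):
            problems.append((rid, "action must be Allow or Deny"))
    return problems

# Constructed sample of a planned IPv4 Rule List (documentation address ranges)
SAMPLE_IPV4 = [
    {"id": 1, "src_addr": "192.0.2.0/24", "dst_addr": "198.51.100.10",
     "dst_port": 443, "protocol": 6, "action": "Allow"},
    {"id": 2, "src_addr": "192.0.2.0/24", "dst_addr": "2001:db8::1",
     "dst_port": 53, "protocol": 17, "action": "Deny"},
    {"id": 2, "src_addr": "192.0.2.0/24", "dst_addr": "198.51.100.0/24",
     "dst_port": 8080, "protocol": 1, "action": "Drop"},
]

if __name__ == "__main__":
    for rid, problem in lint_rules(SAMPLE_IPV4, family=4):
        print(f"rule {rid}: {problem}")
```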

To edit access control lists:
  1. Select the access control list.
  2. In the toolbar, click Edit, or right-click the access control list and select Edit. You can also double-click an access control list to open it. The Edit Access Control List pane opens.
  3. Edit the settings as required.
  4. Click OK to apply your changes.

To delete access control lists:
  1. Select one or more access control lists to be deleted.
  2. In the toolbar, click Delete, or right-click the access control list and select Delete.
  3. Click OK in the confirmation dialog box to delete the access control list.

To clone access control lists:
  1. Select the access control list to be cloned.
  2. In the toolbar, click More > Clone, or right-click the access control list and select Clone.
  3. Edit the name, then edit the remaining settings as required.
  4. Click OK to clone the access control list.

To view where an access control list is used:
  1. Select the access control list.
  2. In the toolbar, click More > Where Used, or right-click the access control list and select Where Used. The Where <profile name> is used pane is displayed.
  3. Click Close.

To import access control lists:
  1. In the toolbar, click More > Import. The Import dialog opens.
  2. From the FortiGate dropdown, select a FortiGate from the list. The list will include all of the devices in the current ADOM.
  3. From the Profiles dropdown, select one or more access control lists to be imported.
  4. Click OK to import the access control lists.